Identity management in an enterprise involves obtaining adequate information about a user of an enterprise system in order to establish the identity of the user. A typical way to achieve this is to use an authentication procedure, say, one based on a user id and a password. In this case, each user of the system is provided with a unique user id, and the users are requested to register passwords of their choice with the system. In certain environments, the user id and password combination may become the weak link in the overall security of the enterprise system. For example, the password could be stolen and misused. An additional responsibility of the identity management system is to ensure that no such fraudulent intrusions happen. One enhancement is to use a challenge-response technique, wherein, after successfully obtaining the password from a user, the system poses one or more challenges, say in the form of questions, to the user. Access to the system is granted only upon successful completion of this challenge-response duel. Observe that while, in principle, this enhances access security, the enhancement is itself open to identity theft and insider-related fraud. An interesting challenge-response system is based on what is called a Captcha: a Captcha is a software program that can generate and grade tests that most humans can pass but current software programs can't pass. This is used to ensure that a web site is not systematically attacked by a software program generating unexpected results. Note that such a variation in challenge-response overcomes a particular limitation of a typical challenge-response.
Authentication schemes need not only to provide enhanced access security, but also to support single sign-on mechanisms. Single sign-on solutions aim at reducing the sign-on overhead from the perspectives of users and enterprises. Features expected from a single sign-on solution include security, standards compliance (security), multi-factor authentication, interoperability, easy deployment, scalability, intelligent learning, service continuity, service composition, performance, return on investment, and enhanced user productivity. While single sign-on promises an easy and productive solution, its “degree of security” is highly debatable, which remains a continuing threat to its wide adoption by enterprises. A system for supporting adequate security and flexibility for single sign-on systems involves a software program that can generate and grade tests that only a “real” user can pass and imposters can't pass.